Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp2404572imu; Thu, 17 Jan 2019 13:37:03 -0800 (PST) X-Google-Smtp-Source: ALg8bN4p+1PWwF413lq7EVLSOBwOafLBET+W3LiaJEn2ug8yOsPXixU8Hm/ib/U8ZZrkTbOhXY2Z X-Received: by 2002:a17:902:9b87:: with SMTP id y7mr16679940plp.336.1547761023635; Thu, 17 Jan 2019 13:37:03 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1547761023; cv=none; d=google.com; s=arc-20160816; b=JyKtIbvepjChnx+e+VBjhiDpr07RIMJ64pgSGwKi2qBJ3ml6mWN4ql0xz7pQL48T88 OgJ98NwrF5eHemhTkAysUTSdxOLP0CPJErQXsY5g2EZoeqh79PfX5wAa33Zt2ZV2589a YNCDIq47aU9I+f73RTPaxiduVoM/bXY6Nq1TCjDTithhVB9c04kZyUxvkrV6xlpD6XHk j2sLvAbMdmWVq67agB2/AeDJG4qPFetZ08Bfr7i+ROB9LkxCgvCZpf4RXCTaRi9cXd2q CgTeApN+RoKwv8/noCSLHj96rxmOPDiuwhJmc8ImLxKeLe8717Y87QK5hqt+Zb0IgOPE THuA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-filter:dkim-signature; bh=8rmDsS9E5B8u+tYMocCVtDNhnuStx/5XqpBmV+qW2ok=; b=OnTesR1EVw96/BfSDfdi0ljyn4lBzOSPbnQhJbh/MefwbQy7tv/yImxVlv25YYXDFY TLv5cFkWDZypOup9j7rmka5/xvmur7m2oo0+UjQI3zSm7i9+y0rJP9z7fsThhEsClLZD jkRPPj+rIMdL6v68ouifmfa52uEQI12LfbvsdR1h/doRuxsXI2Mvs9JOkISJlYyATXL9 ZyYAyPy9h/SCVOls7FJe/ETqrpMJNunEVsMdByEFryi7CLmrSezRONeU89GlqTq4SyVf hJ1fGs7XfPPgwo+FEpgat88eKitI0kBY3BYPN7LWf+bsceHJvU+b7dxg4VSrN01daP7F Bfiw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@fjfi.cvut.cz header.s=20151024 header.b=0Fj2LQcm; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 1si2836749plr.189.2019.01.17.13.36.48; Thu, 17 Jan 2019 13:37:03 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@fjfi.cvut.cz header.s=20151024 header.b=0Fj2LQcm; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729819AbfAQVde (ORCPT + 99 others); Thu, 17 Jan 2019 16:33:34 -0500 Received: from mailgw1.fjfi.cvut.cz ([147.32.9.3]:35608 "EHLO mailgw1.fjfi.cvut.cz" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729789AbfAQVdc (ORCPT ); Thu, 17 Jan 2019 16:33:32 -0500 Received: from localhost (localhost [127.0.0.1]) by mailgw1.fjfi.cvut.cz (Postfix) with ESMTP id 6563EA3981; Thu, 17 Jan 2019 22:33:29 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fjfi.cvut.cz; s=20151024; t=1547760809; i=@fjfi.cvut.cz; bh=8rmDsS9E5B8u+tYMocCVtDNhnuStx/5XqpBmV+qW2ok=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=0Fj2LQcm1yClKjBx2SL83FNnmMXh/dMjo1/UKiWO4Aww9tAwkgsg8XGdVfXDWIQjJ VcAlvSBNvtbjQOHfLilH+rio//XKyuJz2t+UMqOaYrsuUdoXoqTmHDor4llbAj3/yd OXFHrvfMlp5ONTHnnh/atb/0e1EQ0aMZISLTdoE4= X-CTU-FNSPE-Virus-Scanned: amavisd-new at fjfi.cvut.cz Received: from mailgw1.fjfi.cvut.cz ([127.0.0.1]) by localhost (mailgw1.fjfi.cvut.cz [127.0.0.1]) (amavisd-new, port 10022) with ESMTP id ScMS87qomVCu; Thu, 17 Jan 2019 22:33:21 +0100 (CET) Received: from linux.fjfi.cvut.cz (linux.fjfi.cvut.cz [147.32.5.111]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mailgw1.fjfi.cvut.cz (Postfix) with ESMTPS id 77D2BA395A; Thu, 17 Jan 2019 22:33:12 +0100 (CET) DKIM-Filter: OpenDKIM Filter v2.11.0 mailgw1.fjfi.cvut.cz 77D2BA395A Received: by linux.fjfi.cvut.cz (Postfix, from userid 1001) id 1ABAB60051; Thu, 17 Jan 2019 22:33:12 +0100 (CET) From: David Kozub To: Jens Axboe , Jonathan Derrick , linux-block@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Jonas Rabenstein , David Kozub Subject: [PATCH v2 11/16] block: sed-opal: ioctl for writing to shadow mbr Date: Thu, 17 Jan 2019 22:31:51 +0100 Message-Id: <1547760716-7304-12-git-send-email-zub@linux.fjfi.cvut.cz> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1547760716-7304-1-git-send-email-zub@linux.fjfi.cvut.cz> References: <1547760716-7304-1-git-send-email-zub@linux.fjfi.cvut.cz> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jonas Rabenstein Allow modification of the shadow mbr. If the shadow mbr is not marked as done, this data will be presented read only as the device content. Only after marking the shadow mbr as done and unlocking a locking range the actual content is accessible. Co-authored-by: David Kozub Signed-off-by: Jonas Rabenstein Signed-off-by: David Kozub --- block/sed-opal.c | 88 ++++++++++++++++++++++++++++++++++- include/linux/sed-opal.h | 1 + include/uapi/linux/sed-opal.h | 8 ++++ 3 files changed, 96 insertions(+), 1 deletion(-) diff --git a/block/sed-opal.c b/block/sed-opal.c index f85d9e53aab8..ee24e4e7ad6e 100644 --- a/block/sed-opal.c +++ b/block/sed-opal.c @@ -34,6 +34,9 @@ #define IO_BUFFER_LENGTH 2048 #define MAX_TOKS 64 +/* Number of bytes needed by cmd_finalize. */ +#define CMD_FINALIZE_BYTES_NEEDED 7 + struct opal_step { int (*fn)(struct opal_dev *dev, void *data); void *data; @@ -668,7 +671,11 @@ static int cmd_finalize(struct opal_dev *cmd, u32 hsn, u32 tsn) struct opal_header *hdr; int err = 0; - /* close the parameter list opened from cmd_start */ + /* + * Close the parameter list opened from cmd_start. + * The number of bytes added must be equal to + * CMD_FINALIZE_BYTES_NEEDED. + */ add_token_u8(&err, cmd, OPAL_ENDLIST); add_token_u8(&err, cmd, OPAL_ENDOFDATA); @@ -1500,6 +1507,57 @@ static int set_mbr_enable_disable(struct opal_dev *dev, void *data) return finalize_and_send(dev, parse_and_check_status); } +static int write_shadow_mbr(struct opal_dev *dev, void *data) +{ + struct opal_shadow_mbr *shadow = data; + const u8 __user *src; + u8 *dst; + size_t off = 0; + u64 len; + int err = 0; + + /* do the actual transmission(s) */ + src = (u8 *) shadow->data; + while (off < shadow->size) { + err = cmd_start(dev, opaluid[OPAL_MBR], opalmethod[OPAL_SET]); + add_token_u8(&err, dev, OPAL_STARTNAME); + add_token_u8(&err, dev, OPAL_WHERE); + add_token_u64(&err, dev, shadow->offset + off); + add_token_u8(&err, dev, OPAL_ENDNAME); + + add_token_u8(&err, dev, OPAL_STARTNAME); + add_token_u8(&err, dev, OPAL_VALUES); + + /* + * The bytestring header is either 1 or 2 bytes, so assume 2. + * There also needs to be enough space to accommodate the + * trailing OPAL_ENDNAME (1 byte) and tokens added by + * cmd_finalize. + */ + len = min(remaining_size(dev) - (2+1+CMD_FINALIZE_BYTES_NEEDED), + (size_t)(shadow->size - off)); + pr_debug("MBR: write bytes %zu+%llu/%llu\n", + off, len, shadow->size); + + dst = add_bytestring_header(&err, dev, len); + if (!dst) + break; + if (copy_from_user(dst, src + off, len)) + err = -EFAULT; + + add_token_u8(&err, dev, OPAL_ENDNAME); + if (err) + break; + + err = finalize_and_send(dev, parse_and_check_status); + if (err) + break; + + off += len; + } + return err; +} + static int generic_pw_cmd(u8 *key, size_t key_len, u8 *cpin_uid, struct opal_dev *dev) { @@ -2045,6 +2103,31 @@ static int opal_mbr_status(struct opal_dev *dev, struct opal_mbr_data *opal_mbr) return ret; } +static int opal_write_shadow_mbr(struct opal_dev *dev, + struct opal_shadow_mbr *info) +{ + const struct opal_step mbr_steps[] = { + { opal_discovery0, }, + { start_admin1LSP_opal_session, &info->key }, + { write_shadow_mbr, info }, + { end_opal_session, }, + { NULL, } + }; + int ret; + + if (info->size == 0) + return 0; + + if (!access_ok(info->data, info->size)) + return -EINVAL; + + mutex_lock(&dev->dev_lock); + setup_opal_dev(dev, mbr_steps); + ret = next(dev); + mutex_unlock(&dev->dev_lock); + return ret; +} + static int opal_save(struct opal_dev *dev, struct opal_lock_unlock *lk_unlk) { struct opal_suspend_data *suspend; @@ -2378,6 +2461,9 @@ int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg) case IOC_OPAL_MBR_STATUS: ret = opal_mbr_status(dev, p); break; + case IOC_OPAL_WRITE_SHADOW_MBR: + ret = opal_write_shadow_mbr(dev, p); + break; case IOC_OPAL_ERASE_LR: ret = opal_erase_locking_range(dev, p); break; diff --git a/include/linux/sed-opal.h b/include/linux/sed-opal.h index b38dc602cae3..cf08cdc13cbd 100644 --- a/include/linux/sed-opal.h +++ b/include/linux/sed-opal.h @@ -47,6 +47,7 @@ static inline bool is_sed_ioctl(unsigned int cmd) case IOC_OPAL_ENABLE_DISABLE_MBR: case IOC_OPAL_ERASE_LR: case IOC_OPAL_SECURE_ERASE_LR: + case IOC_OPAL_WRITE_SHADOW_MBR: case IOC_OPAL_MBR_STATUS: return true; } diff --git a/include/uapi/linux/sed-opal.h b/include/uapi/linux/sed-opal.h index 0cb9890cdc04..8e84307f66d4 100644 --- a/include/uapi/linux/sed-opal.h +++ b/include/uapi/linux/sed-opal.h @@ -104,6 +104,13 @@ struct opal_mbr_data { __u8 __align[7]; }; +struct opal_shadow_mbr { + struct opal_key key; + const __u64 data; + __u64 offset; + __u64 size; +}; + #define IOC_OPAL_SAVE _IOW('p', 220, struct opal_lock_unlock) #define IOC_OPAL_LOCK_UNLOCK _IOW('p', 221, struct opal_lock_unlock) #define IOC_OPAL_TAKE_OWNERSHIP _IOW('p', 222, struct opal_key) @@ -117,5 +124,6 @@ struct opal_mbr_data { #define IOC_OPAL_ERASE_LR _IOW('p', 230, struct opal_session_info) #define IOC_OPAL_SECURE_ERASE_LR _IOW('p', 231, struct opal_session_info) #define IOC_OPAL_MBR_STATUS _IOW('p', 232, struct opal_mbr_data) +#define IOC_OPAL_WRITE_SHADOW_MBR _IOW('p', 233, struct opal_shadow_mbr) #endif /* _UAPI_SED_OPAL_H */ -- 2.20.1